const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');

const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';

// 生成JWT token
const generateToken = (userId, role) => {
  return jwt.sign(
    { id: userId, role: role },
    JWT_SECRET,
    { expiresIn: '24h' }
  );
};

// 验证密码
const verifyPassword = async (password, hashedPassword) => {
  return await bcrypt.compare(password, hashedPassword);
};

// 加密密码
const hashPassword = async (password) => {
  const salt = await bcrypt.genSalt(10);
  return await bcrypt.hash(password, salt);
};

// 生成随机验证码
const generateVerificationCode = () => {
  return Math.floor(100000 + Math.random() * 900000).toString();
};

// 验证商户权限
const isMerchant = (role) => {
  return role === 'merchant';
};

module.exports = {
  generateToken,
  verifyPassword,
  hashPassword,
  generateVerificationCode,
  isMerchant
}; 